When I connect to ssl amazon - I get served a signed cert saying I am defn connecting to who I think I'm connecting to. But in the world of p2p I have no idea who I'm connecting to.. What stops the ISPs from getting 'in the middle' to decrypt the traffic?

MSE/PE uses key exchange combined with the infohash of the torrent to establish an RC4 encryption key. The key exchange helps to minimize the risk of passive listeners, and the infohash helps avoid man-in-the-middle attacks.

Not really sure what is meant by "infohash" in this context?

Regardless, I'm sure this is just part of the arms race between p2p users and ISPs. If 'man-in-the-middle' is possible it just raised the bar (and computing power needed) for the ISPs.

Encrypting packets wouldn't in any way hinder the ISP's capabilities of throttling your bandwidth. And with packets coming in from many peers, an ISP would have to sit down and manually re-arrange the packets and hope that they form some kind of meaningful content.
–
nilamoAug 24 '09 at 2:30

3

@nilamo an ISP can throttle ALL your bandwidth, yes. the question is about ISPs detecting the bittorent protocol and throttling bittorent alone.
–
TesterTurnedDeveloperAug 24 '09 at 2:51

2 Answers
2

Essentially, the encryption has it so that while you don't know exactly who you're connected to, you're assured you're connected to another user for that specific torrent.

The infohash is a SHA1 hash calculated for your specific torrent; essentially a unique ID for your torrent. By making this a factor in your key exchange with another user, your ISP would have to know the hash of that torrent to begin identifying your encrypted connection as one used for torrents and P2P in general. It's part of the shared secret password that torrent users would know, but your ISP wouldn't.

It is much more difficult without knowing that hash, as your connection will just look like any other encrypted channel between two parties, making it quite resistant to your ISP sniffing around for signs of P2P.

Thanks, RoyalKnight. Your answer led me to this article about the encryption: rdist.root.org/2008/02/18/bittorrent-peer-list-encryption So an ISP could snoop in on the torrent file and derive the same key. From the article: "If an ISP can read the infohash from the peer’s tracker connection, then they can also decrypt the peer list. This is mitigated by some trackers supporting SSL connections.". Interesting stuff!
–
TesterTurnedDeveloperAug 24 '09 at 22:32

I believe that this means that the information is being encrypted using keys from the key exchange, then each packet contains a hash of the encrypted data.

This hash allows each end to verify that the data is coming direct, because if a mitm attack occurred then a different key would be used. This would cause the encrypted data to be different, so the hash value would change, and the endpoints would be able to detect the attacker.